- DCENTRIC HEALTH LTD a company formed under the laws of Cyprus with registration Number (ΗΕ 391425) and registered office at 7 Agiou Mina Str. PANORAMA RESIDENCE BLOCK B, Flat 101 Limassol P.C 4104 (henceforth for the purposes of brevity shall be called “Provider”).
- Contact email for exercising rights arising from this policy:
- This data protection policy is limited to personal data processed by ARIA.
- Definitions used here are referring also to the Terms and Conditions dated ‘February 6th 2020’ which are applicable to ARIA.
Important Announcement Regarding the Right to Be Forgotten
- ARIA uses a blockchain implementation to process (store) health data. The Provider facilitates the exercise of the Right to be Forgotten (mentioned in point 3.3) by delinking and destroying the recovery phrase (private key) which connects the encrypted health data stored on the blockchain with a natural person (user).
- What remains after the delinking and destruction of the phrase (key) is medical data which cannot be connected to a natural person (non-identifiable personal data).
If you do not agree to the implementation of the Right to be Forgotten do not use ARIA.
- For more information regarding this implementation please contact us the email address mentioned in point 1.2.1.
Rights of the data subject
- Right of access to the personal data that concern you provided that they are processed by the Provider.
- Right to rectification of inaccurate data as well as to have incomplete personal data to be completed in full.
- Right to erasure of your personal data without prejudice to the Provider’s obligations and legal rights.
- Right to restriction of processing your personal data.
- Right to withdraw your consent.
How to exercise rights
- Any request regarding your personal data and the exercise of your rights shall be addressed by email to the Provider.
- You have the right to appeal to the Cyprus Commissioner for Personal Data Protection.
- Contact Information:
Personal Data Processed
- Full Name(First Name, Last Name)
- Phone Number
- Email (in case this is identifiable personal data)
- Aria ID (in case this is identifiable personal data)
- Public Key
- Date of Birth
- Special Categories of Data (sensitive data):
- Health Data (indicative and not exhaustive list): height, weight, heart rate, blood analysis, and metabolic rates and levels.
- Identification Documents (in cases where needed to recover account)
- For Doctors
- Medical License Information
- Affiliated Institution
Non-identifiable Data Collected
- Usage Information such as the time spent to create an account, number of records received and shared, what screens or features you access, and other similar types of usage information
- Device Information: We collect information about the mobile device you use to access our Services, including the hardware model, operating system and version, device identifiers set by your device operating system, and mobile network information (like your connection type, carrier and region).
Purpose of the processing
- To provide access and the ability to use the mobile application ARIA.
- Conducting interviews with users to provide feedback on ARIA.
Lawfulness for the processing of personal data
- For purpose on point 8.1
- Consent for all personal data-including special categories.
- For purpose on point 8.2
- Consent for the use of phone number.
- Legitimate interests regarding the enhancement of performance on ARIA for the use of email.
Data storage period
- As long as the user is using the service.
- Personal data that are not considered special categories:
- Indicatively: Legal Advisor, Application Developers, Technical Support Staff of the Provider.
- Health Data:
- Persons that the User has authorized via ARIA.
- No data is transferred to third parties for any commercial purpose.
- For Doctor-category users:
- Patient-category users may see personal data such as:
- Name, Surname, Specialization, License Number, Institution (by default).
- Contact Details may be shared by the Doctor from within the app.
Data transfer outside the European Union
- No data transfer outside the E.U.
- No automated decisions are made based on personal data processed by the Provider.
- Users may extract their personal data to facilitate their portability. The Provider does not provide an implementation to facilitate data portability to third parties directly.
Extraction of Personal Data
- Users may extract their personal data (including health data).
- Users are strongly advised to use security measures when extracting their data.
- We use automated data collection tools such as Cookies to automatically collect the non-identifiable data outlined in point 7.